0

I was reading about Sessions in this article https://auth0.com/docs/users/sessions

It says when a user logs in, two types of sessions are create

Two sessions are created:

The local session (storezero.io): Allows the application to know if a user is authenticated.

The session on the Authorization Server (storezero.auth0.com): Allows the Authorization Server to know if a user is authenticated and optionally, tracks other information. For example, the Authorization Server can track whether a user has authenticated using MFA. If so, the next time the user arrives at the Authorization Server, they won't need to see a login page or be prompted to use MFA again.

It says "the next time the user arrives at the Authorization Server, they won't need to see a login page or be prompted to use MFA again."

What does this sentence exactly mean? why wouldn't they see a login page?

What role does the session on the Authorization server? Why is it important to store sessions in the authorization server? If we use JWT tokens to authenticate, I don't see any use in storing the sessions on the server. (Because JWT tokens can be validated by the resource server and don't need to communicate with the authorization server)

MrRobot9
  • 123
  • 3

1 Answers1

0

Reading docs from the link you mentioned enter link description here

all of which the session stores temporarily while the user is connected.

By default, when a user leaves a website or closes their browser, their session ends. To keep users from having to log in every time they return, applications can extend sessions by storing session information in a cookie.

  • Sessions refer to a user's browsing activity. When the user closes the browser, it ends the session as well;
  • If the user opens a second browser on the same machine, it starts a new session. The user will then be asked to log in;
  • If the user closes the browser without logging out, they won't be redirected to the login page when accessing the same URL, if cookies and the session haven't expired (Gmail works this way).
surfingonthenet
  • 695
  • 2
  • 6